Snort mailing list archives

Re: so_rules are not processed by pulledpork under FreeBSD 9.1


From: "C. L. Martinez" <carlopmart () gmail com>
Date: Fri, 10 May 2013 06:46:14 +0000

On Thu, May 9, 2013 at 4:55 PM, JJ Cummings <cummingsj () gmail com> wrote:
In you pp conf try specifying 2.9.4.5 as your snort_version

Sent from the iRoad

On May 9, 2013, at 7:33, "Seth Dunn" <seth () d2ms com> wrote:


I have tried, and pp puts so_rules in the correct path, but it doesn't
process them. Executing the snort command manually:

root@plzfnsm01:~# snort -c /data/config/etc/idpsnort01/snort.conf
--dump-dynamic-rules=/tmp/h
Running in Rule Dump mode

        --== Initializing Snort ==--
Initializing Output Plugins!
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file "/data/config/etc/idpsnort01/snort.conf"
PortVar 'HTTP_PORTS' defined :  [ 80:89 311 383 591 593 631 901 1090
1220 1414 1741 1830 2301 2381 2809 3037 3128 3200 3210 3300 3310 3333
3600 3610 3702 4343 4848 5250 6988 7000:7001 7144:7145 7510 7777 7779
8000 8008 8014 8028 8080 8085 8088 8090 8100 8118 8123 8180:8181 8222
8243 8280 8300 8800 8888 8899 9000 9060 9080 9090:9091 9443 9999 11371
34443:34444 41080 50000:50010 51000:51010 55555 ]
PortVar 'SHELLCODE_PORTS' defined :  [ 0:79 81:65535 ]
PortVar 'ORACLE_PORTS' defined :  [ 1024:65535 ]
PortVar 'SSH_PORTS' defined :  [ 22 ]
PortVar 'FTP_PORTS' defined :  [ 21 2100 3535 ]
PortVar 'SIP_PORTS' defined :  [ 5060:5061 5600 ]
PortVar 'FILE_DATA_PORTS' defined :  [ 80:89 110 143 311 383 591 593
631 901 1090 1220 1414 1741 1830 2301 2381 2809 3037 3128 3200 3210
3300 3310 3333 3600 3610 3702 4343 4848 5250 6988 7000:7001 7144:7145
7510 7777 7779 8000 8008 8014 8028 8080 8085 8088 8090 8100 8118 8123
8180:8181 8222 8243 8280 8300 8800 8888 8899 9000 9060 9080 9090:9091
9443 9999 11371 34443:34444 41080 50000:50010 51000:51010 55555 ]
PortVar 'GTP_PORTS' defined :  [ 2123 2152 3386 ]
Detection:
   Search-Method = AC-Full-Q
    Split Any/Any group = enabled
    Search-Method-Optimizations = enabled
    Maximum pattern length = 20
ERROR: /data/config/etc/idpsnort01/rules/VRT-botnet-cnc.rules(0)
Unable to open rules file
"/data/config/etc/idpsnort01/rules/VRT-botnet-cnc.rules": No such file
or directory.

And it is correct: VRT-botnet-cnc.rules doesn't exist:

root@nsm01:~# ls -la /data/config/etc/idpsnort01/rules/VRT-botnet-cnc.rules
ls: /data/config/etc/idpsnort01/rules/VRT-botnet-cnc.rules: No such
file or directory
root@nsm01:~# ls /data/config/etc/idpsnort01/rules/
VRT-app-detect.rules            VRT-exploit-kit.rules
VRT-indicator-shellcode.rules   VRT-policy-other.rules
VRT-pua-other.rules             VRT-server-oracle.rules
VRT-blacklist.rules             VRT-exploit.rules
VRT-malware-backdoor.rules      VRT-policy-social.rules
VRT-pua-p2p.rules               VRT-server-other.rules
VRT-browser-chrome.rules        VRT-file-executable.rules
VRT-malware-cnc.rules           VRT-policy-spam.rules
VRT-pua-toolbars.rules          VRT-server-webapp.rules
VRT-browser-firefox.rules       VRT-file-flash.rules
VRT-malware-other.rules         VRT-preprocessor.rules
VRT-rpc.rules                   VRT-snmp.rules
VRT-browser-ie.rules            VRT-file-identify.rules
VRT-malware-tools.rules         VRT-protocol-finger.rules
VRT-scada.rules                 VRT-specific-threats.rules
VRT-browser-other.rules         VRT-file-image.rules
VRT-netbios.rules               VRT-protocol-ftp.rules
VRT-scan.rules                  VRT-sql.rules
VRT-browser-plugins.rules       VRT-file-multimedia.rules
VRT-nntp.rules                  VRT-protocol-icmp.rules
VRT-sensitive-data.rules        VRT-telnet.rules
VRT-browser-webkit.rules        VRT-file-office.rules
VRT-os-linux.rules              VRT-protocol-imap.rules
VRT-server-apache.rules         VRT-tftp.rules
VRT-content-replace.rules       VRT-file-other.rules
VRT-os-other.rules              VRT-protocol-pop.rules
VRT-server-iis.rules            VRT-web-client.rules
VRT-decoder.rules               VRT-file-pdf.rules
VRT-os-solaris.rules            VRT-protocol-services.rules
VRT-server-mail.rules           VRT-x11.rules
VRT-dns.rules                   VRT-indicator-compromise.rules
VRT-os-windows.rules            VRT-protocol-voip.rules
VRT-server-mssql.rules
VRT-dos.rules                   VRT-indicator-obfuscation.rules
VRT-policy-multimedia.rules     VRT-pua-adware.rules
VRT-server-mysql.rules
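
As an added example (not code from this thread, nor from pulledpork or Snort), a small POSIX sh pre-flight check that lists every include in a snort.conf whose target file is missing, resolving "var NAME value" definitions such as $RULE_PATH and $SO_RULE_PATH the way snort does; run before starting snort, it would have reported VRT-botnet-cnc.rules instead of letting snort abort on it. The config and rules tree it builds under a temp dir are constructed for the demo (web-activex.rules is a made-up name), and it assumes include paths contain no whitespace.

```shell
# Added example, not code from the thread or from pulledpork/snort: a pre-flight
# check listing every "include" in a snort.conf whose file is missing, resolving
# "var NAME value" definitions ($RULE_PATH etc.). Assumes paths have no spaces.

# snort_missing_includes CONF : print one resolved path per missing include
snort_missing_includes() {
    conf="$1"
    confdir=$(dirname "$conf")
    # "var NAME value" lines become NAME=value pairs used for substitution
    vars=$(awk '$1=="var" && NF>=3 {print $2"="$3}' "$conf")
    for inc in $(awk '$1=="include" && NF>=2 {print $2}' "$conf"); do
        path="$inc"
        # two passes so a var whose value references another var resolves too
        for pass in 1 2; do
            for kv in $vars; do
                name=${kv%%=*}; val=${kv#*=}
                path=$(printf '%s\n' "$path" | sed "s|\\\$$name|$val|g")
            done
        done
        # a relative include is taken relative to the config's own directory
        case "$path" in /*) ;; *) path="$confdir/$path" ;; esac
        [ -f "$path" ] || printf '%s\n' "$path"
    done
}

# snort_conf_ok CONF : succeed only when every include resolves to a file
snort_conf_ok() { [ -z "$(snort_missing_includes "$1")" ]; }

# make_sample_conf : build a constructed config and rules tree mirroring the
# thread's layout (some files present, some absent); print the config's path
make_sample_conf() {
    d=$(mktemp -d)
    mkdir -p "$d/rules" "$d/so_rules"
    touch "$d/rules/VRT-malware-cnc.rules" "$d/so_rules/bad-traffic.rules"
    cat > "$d/snort.conf" <<EOF
var BASE $d
var RULE_PATH \$BASE/rules
var SO_RULE_PATH \$BASE/so_rules
include \$RULE_PATH/VRT-malware-cnc.rules
include \$RULE_PATH/VRT-botnet-cnc.rules
include \$SO_RULE_PATH/bad-traffic.rules
include \$SO_RULE_PATH/web-activex.rules
EOF
    printf '%s\n' "$d/snort.conf"
}

conf=$(make_sample_conf)
snort_conf_ok "$conf" || { echo "missing rules files referenced by $conf:"; snort_missing_includes "$conf"; }
```

Unlike snort's --dump-dynamic-rules run above, which stops at the first unreadable file, this lists every missing include at once, so a pulledpork config whose rule_path or snort_version leaves several files unwritten shows up in one pass.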
